<p>When creating a website, developers and testers usually create test user
accounts like "test / 123456" and give them administrative
permissions; add test user groups with redundant privileges; create test web
pages showing the user accounts or system configuration information. The most
severe blunder is to create a page giving a visitor the administrative
privileges just by opening it.</p>

<p>It is extremely important to keep track of such test objects and delete them
before deploying the web project. If you fail to do so, a successful attack on
your website is just a matter of time. </p>


<ol>
<li>Verify there are no test accounts left.</li>
<li>Ensure that the remaining accounts have strong passwords containing at least
  8 characters including letters in varying case, digits and punctuation marks.</li> 
<li>Verify that there are no test pages and files left.</li> 
 </ol>